TLS certificate lifetimes will be greatly reduced by certificate authorities in the next couple of years. Big IP LTM needs a feature to automatically generate a new private key, renew certificates with the CA, and install the new certificate, key, and CA root/intermediate bundles to existing SSL profiles. The feature needs to support all of the major CAs such as Digicert, Entrust, Comodo/Sectigo, etc. There should also be a way to schedule/control the time/day of the week, and day of the month that the renewal will happen so that services are not impacted during the business day. The feature should be configurable to generate the new key and renew the certificate X number of days prior to expiration and include SNMP, email, and SMS alerts if the renewal/installation fails.